Final update on this issue. I found out about the "rpm -q --whatrequires " command and used that to navigate the dependency chain for the modules in question. I was able to determine that those modules were ultimately not being used for anything. Once I confirmed that, I removed the modules. So far so good. It didn’t cause any issues to the services on that server. I will find out if it resolved the vulnerability that had been flagged by the security scanner next time it runs, probably at the end of the month.